-
mike
Chinwag.im turns six years old today. I remember around the time I set it up there was barely half a dozen people in this channel most of the time. Keep up the good work, folks.
-
Licaon_Kter
mike: heh, I saw your posts about how to setup, when I was looking for info for mine :) 👍
-
mike
Nice, yeah they still get a bit of traffic too, even though they're a bit out of date now. Glad to have been of some use. 😁
-
Licaon_Kter
Not sure I used them in the end, I went with the docs mostly, and harassed the ejabberd devs :))
-
mike
Yeah fair call, if you went ejabberd there's not much applicable. Although the page getting the most hits these days is the one where I got into how the SRV records work, might be worth giving that a polish as it's more relevant than anything else.
-
christian
mike: which one is it? Let me see it :)))
-
mike
christian: you mean the tutorial pages? It's here: https://bremensaki.com/chinwag/ Bear in mind it's six years old and uses some software and services that no longer exist. Jappix and StartSSL spring to mind.
-
christian
mike: OK. And you don't need that HDD space for something else?
-
mike
It's just a collection of blog posts, a diary of how I started Chinwag when it was a new server, so it's still accurate.
-
christian
Software is probably the most inflationary commodity
-
christian
I sometimes wonder how long it takes us to understand that it's just procrastination, and that we actually need to be treated.
-
Anhydrous
christian: tech just got dumped hard in the stock market, interestingly enough.
-
Anhydrous
I wonder if they got notified by xmpp ;p
-
Licaon_Kter
Anhydrous: umm?
-
christian
I think it's much simpler, they looked at the electricity bill of the data centers that do nothing but distribute the banners that are currently blocked by them.
-
Anhydrous
christian: the elon musk effect on bitcoin
-
Anhydrous
Either way, it would be nice to see more investment in xmpp.
-
Martin
Link Mauve: Error from REDACTED@linkmauve.fr: Server-to-server connection failed: No route to host
-
mathieui
Martin: his router is still dead
-
Martin
Oh, I thought he was back after I had this issue the last time.
-
rob
I'm back, Ubuntu knocked my server out a bit. I was working on setting up a second wireguard connection and systemd resolve decided to bork DNS. All from nothing more than some wg-quick up/down, no reboots or software installation
-
moparisthebest
PSA: upgrade your prosody's ASAP people https://prosody.im/security/advisory_20210512/
-
ij
> Chinwag.im turns six years old today. I remember around the time I set it up there was barely half a dozen people in this channel most of the time. Keep up the good work, folks.
Mike, I did some research the other day and it seems that I set up XMPP in November 2007… I don’t think that this MUC existed back then… ;)
-
Licaon_Kter
> adopt the same default size limits that are already enforced by ejabberd
Those were bumped based on stats Holger ?
-
Holger
Not really. I wrote Matt the other day:
> The current limits are a compromise of me wanting to bump them after seeing users running into avatar problems, vs. p1 always being afraid of making the server more prone to DoS attacks.
-
Licaon_Kter
Yeah, avatars I remember but, not much else, 10Mb seemed too big though.
-
Licaon_Kter
moparisthebest: your proxy exists to fix these or it helped you discover them?
-
moparisthebest
first :)
-
rob
> first :)
Good to know
-
moparisthebest
it just makes sure too-big stanzas don't reach prosody at all though, so without a sensible limit won't help anyway
-
moparisthebest
if anyone runs arch and trusts me https://burtrum.org/aur/prosody-1%3A0.11.9-1-x86_64.pkg.tar.zst or build yourself https://github.com/moparisthebest/arch-ppa/tree/master/src/prosody
-
MattJ
FWIW "10MB" was never really meant to be a sensible limit, we added it because of well, obvious reasons. But nobody ever lowered it, and we never had good stats on what defaults to choose. I think it makes sense for the two most popular implementations to agree though.
-
Araucaria
Does proxy65 have any reason to be enabled?
-
MattJ
Yes, if you want to send large files to someone and one or both of you are behind a NAT
-
Araucaria
But it is obviated by http upload?
-
rob
Araucaria: for sending files when direct doesn't work I believe
-
moparisthebest
Araucaria, Conversations for instance will use that if the file is too big for your http upload limits I think ?
-
rob
But yes, I guess http_upload with huge limits would do the same
-
xorman
rob: are you aware that systemd-resolved defaults to 8.8.8.8?
-
Araucaria
xorman: that is only a fallback
-
rob
xorman: Mine was not, it was adding a bunch like 127.0.0.1 and then two 75.x.x.x something and then I've one on my local network, guessing router, but only 3 are supported
-
rob
Either way it didn't work until I overwrote the symlink and hard-coded it
-
rob
But previously it worked fine so idk
-
jl4
heya XMPPers
-
jl4
just to inform you that we have a Plan in Catalonia / Barcelona to introduce XMPP in the Schools
-
jl4
slowly progressing,
- jl4 you know, technopolitics...
-
jl4
it would be part of Zimbra + Nextcloud + XMPP combo and bla,bla
-
jl4
...
-
moparisthebest
awesome, what servers/clients do you plan to use ?
-
jl4
we are considering Prosody and ConverseJS
-
jl4
for now...
-
jl4
alpha phase (> Beta on Snikket ? )
-
ernst.on.tour
jl4: in 1 school or in the whole town? Which kind of school? Elementary school or also older ones?
-
croax
Aprofitat 👍
-
tom
» https://hg.prosody.im/trunk/rev/db8e41eb6eff
I just want to state that these defaults are total rubbish and way too small, and I've always said that about ejabberd
-
tom
As well as this https://hg.prosody.im/trunk/rev/b0d8920ed5e5
-
Anhydrous
croax: catalan?
-
jl4
starting with some isolated schools and moving onto a network of Schools
- jl4 salut
-
tom
Rate limiting without active queue management is just a recipe for lag
-
jl4
ernst.on.tour
-
jl4
i'm gonna run an alpha test on a Secondary School in Madrid
-
tom
» https://hg.prosody.im/trunk/rev/63fd4c8465fb
total rubbish
-
xorman
awesome
-
tom
This isn't a mitigation
-
tom
1MB
-
tom
Come on
- jl4 stay tuned ...
-
moparisthebest
tom, the default in the configuration file matches ejabberd's 256kb for c2s and double for s2s
-
moparisthebest
patches to raise them without wildly unconstrained memory growth presumably welcome...
-
moparisthebest
if you don't apply these patches, it's easy to grow prosody's memory use to 5gb+ in seconds
-
ernst.on.tour
Nice... Hope everything runs well, I've lost the "fight" against the officials, only 2 private schools (church) were willing to spend some money on hardware. Raspi wasn't an alternative, the first one (Raspi A+) had just been released.
-
Araucaria
Is 1mb for s2s stanza limit too high?
-
Araucaria
At .5mb I had s2s disconnects due to policy violations
-
tom
I think it's WAAY too low
-
moparisthebest
512k is the default in prosody and ejabberd Araucaria
-
moparisthebest
it's fine, it'll reconnect
-
tom
Please people, do not rush into updating to prosody 11.9
-
moparisthebest
let me be clear: if you aren't on prosody 0.11.9 and you don't apply the suggested config changes, your server can be run out of memory *in seconds* without someone even having an account on it
-
tom
The only things it fixes, besides a timing attack for MUC passwords (which people rarely use anyway), are a potential DoS vector with questionable state size and rate limits
-
moparisthebest
I have a simple program that will do this
-
moparisthebest
if you don't believe me and wish me to point it at your server for a demonstration, I can do that for you, obviously only if you ask though
-
tom
Unless you're actually getting ddosed, I would suggest holding off and letting this update stew for a while to come up with either A, a better solution or B, saner default limits
-
moparisthebest
sure, leave your server wide-open to known trivial DOS if you want, I wouldn't advise it though
-
Araucaria
Do most people not just run prosody from the nightly repo?
-
tom
moparisthebest: I would appreciate if you could send me your proof of concept program so that I could test on my own time for limits that work better for m
-
moparisthebest
I run the latest stable release
-
tom
E
-
tom
However my main concern is interoperability of XMPP at large
-
tom
I don't think people should be in a huge rush to install this update unless they are under attack
-
tom
Especially not all at once
-
moparisthebest
I'll release it in a sane amount of time, maybe a week or so, let's see how fast various distros update but to be clear, now that the info is released "stanza size limits are needed" anyone who can write a program that uses TCP can write this in minutes
-
moparisthebest
a large portion of in-the-wild XMPP servers already have these limits, it's fine
-
tom
Yeah but TCSR vulns have been a thing for a very long time
-
tom
Yet here we are
-
tom
(tls client-side renegotiation)
-
moparisthebest
so if you are absolutely crazy (my opinion) and want to run way-too-big-stanza-sizes, you still need to update to 0.11.9 right away for the other critical fixes, you can just set the stanza limits as you like then
-
tom
» <moparisthebest> a large portion of in-the-wild XMPP servers already have these limits, it's fine
yeah, that's the problem. It's been causing lots of S2S resets from policy violations about stanza size limits, as well as severe lag
-
moparisthebest
the TLS and proxy65 and gc fixes are still required
-
tom
I've had several people move to my server due to rate limiting induced lag and stanzas being dropped
-
tom
They just aren't critical to me moparisthebest
-
moparisthebest
what kind of lag will you have when your server is using 16G of ram on demand :P
-
moparisthebest
how big of a server are you running on
-
tom
Not very big, but I already have process supervision, periodic health-checking, and container limits set up
-
tom
What I'm saying is that the stanza size and rate limiting is not sane yet and needs to be thought out further. I have no problems with the other mitigations
-
tom
But
-
moparisthebest
so your init system will just repeatedly kill prosody then? :P
-
tom
The other mitigations are not new to me
-
moparisthebest
that'll be nice for your users
-
tom
It's a balance moparisthebest
-
tom
A balance between interoperability, latency, and security
-
tom
I'm not ready to adopt those insane stanza size and rate limits
-
moparisthebest
sure, choose between changing them to match the rest of the entire network, or your server crashing every 2 seconds
-
tom
The MUC password timing attack is not something that affects me; none of my users use passwords on their MUCs
-
tom
I can hold off
-
moparisthebest
don't run proxy65 or TLS either ?
-
Araucaria
Updates are your friend.
-
Araucaria
Please update
-
moparisthebest
why wouldn't you just upgrade and apply the stanza size limits you wish ?
-
Araucaria
🐣
-
moparisthebest
the gc one is *very important* too btw
-
tom
Ok
-
tom
I don't think s2s or c2s rate limiting without active queue management is reasonable AT ALL
-
moparisthebest
if you are ok with CPU eating, sure, remove those
-
tom
I'm not sure what stanza size limits are good for me yet, but those defaults are definitely too small
-
moparisthebest
I mean rather, don't enable mod_limits
-
tom
This is certainly bad news for federation at least up front
-
tom
Does prosody support the PROXY protocol already?
-
moparisthebest
I see it as good news, that the 2 main implementations now agree on stanza sizes :)
-
moparisthebest
with mod_net_proxy yes
-
tom
Thanks
-
moparisthebest
this was my mitigation before 0.11.9 was released :) https://github.com/moparisthebest/xmpp-proxy , just prevents too-big stanzas from reaching prosody in the first place
-
Araucaria
What is the usecase for such large stanzas?
-
moparisthebest
Araucaria, the only thing I've ever seen violate them is when some idiot sets a 10mb avatar which is sent as base64'd text
-
moparisthebest
personally I like my server not sending those on to my clients but hey, you do you
-
tom
Copy-pasting news articles into mucs, large avatars such as the ones published by artists
-
moparisthebest
a good client would split news articles up as needed
-
moparisthebest
large avatars can go straight to hell, how inconsiderate of you of other people's bandwidth
-
tom
We don't have the luxury of disparaging clients for minute details like that
-
tom
And
-
tom
That's a subjective opinion. One that doesn't account for a host with lots of artists
-
tom
Or visually inclined people
-
moparisthebest
do clients exist where you can zoom in on avatars that much ?
-
tom
Yes
-
tom
Psi+ for one
-
moparisthebest
high quality pictures shouldn't be sent over base64 in XML
-
moparisthebest
invent another way, probably http upload
-
tom
You just click on an avatar and use your scrollwheel or resize the window
-
moparisthebest
ah, haven't used Psi+, none of Conversations, Dino, Gajim let you
-
tom
No but 17MB would be a much saner limit
-
tom
To account for the 30% b64 overhead
-
moparisthebest
I'm in about 53 mucs, I don't want a 17mb avatar from any of them
-
tom
Google Chrome and Firefox don't do that so it's not a use case or feature worth considering. Let's apply that way of thinking to XMPP (sarcasm)
-
Araucaria
A 1mb news article?
-
moparisthebest
HTTP has good ways of delivering large binary images
-
Araucaria
How to disable forwarding of large avatars?
-
moparisthebest
going with the default stanza limits does it
-
tom
moparisthebest: take some time to read about active queue management and why FIFO+burst is not adequate for interactive network communication
-
moparisthebest
be the change you want to see tom , fix it, I'll apply your patch :)
-
Holger
tom: > Unless you're actually getting ddosed, I would suggest holding off and letting this update stew for a while
Huh? Doesn't that update just change *defaults*?
-
Holger
I.e. if you don't like them you just set different values, problem solved, no?
-
tom
That's probably the case but I need to make sure of it and I haven't had the time to do that yet
-
moparisthebest
it's absolutely the case
-
Holger
Ah okay. I was just wondering why you're recommending others not to update.
-
tom
That's not what I'm doing. I'm just saying don't go barreling into an update like this that can affect federation so much
-
tom
Do update
-
tom
Don't rush this update
-
tom
The defaults are almost definitely not sane
-
Holger
I think we'll all be happy if you come up with a better solution. Until then, it's obviously a trade-off, so pretending someone is right and someone else wrong is just nonsense.
-
moparisthebest
sorry but the update fixes a ton of real security issues even if you don't like the defaults
-
moparisthebest
telling people not to update is stupid
-
Holger
Stronger language won't make such statements more useful.
-
moparisthebest
update and set different values if you like
-
jonas’
moparisthebest: do you intend to publish your PoC? :)
-
tom
These are DoS vectors, not RCEs or anything like that
-
moparisthebest
jonas’, sure, it's trivial for anyone to write after all, I was just going to wait ~1 week until updates were available for all the distros
-
jonas’
moparisthebest: :+1:
-
moparisthebest
tom, the proxy65 one and dialback-without-dialback are security ones close enough to RCE
-
tom
No it's not.
» updated for safety, but due to the single-use nature of s2s dialback verification strings a timing attack on this module is not believed to be possible, or to grant an attacker any advantage if it were.
And the proxy65 one just means public users can use some of your bandwidth
-
tom
Which for someone who already offers public internet services, is nothing new
-
Holger
DDoS is all fine as long as you only permit the most restrictive TLS settings 😉
-
tom
» May 13 10:09:51 s2sout55b25f6478b0 info Outgoing s2s stream conference.nuegia.net->dismail.de closed: policy-violation (XML stanza is too big)
» May 13 10:15:55 s2sout55b264c7beb0 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 10:15:55 s2sout55b264c7beb0 info Outgoing s2s stream conference.nuegia.net->trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 10:26:00 s2sout55b2603c5950 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 10:26:00 s2sout55b2603c5950 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 10:27:00 s2sout55b26034b220 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 10:27:00 s2sout55b26034b220 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 10:29:20 s2sout55b268128800 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 10:29:20 s2sout55b268128800 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 10:33:16 s2sout55b26043e620 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 10:33:16 s2sout55b26043e620 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 10:35:53 s2sout55b2608cb970 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 10:35:53 s2sout55b2608cb970 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 10:42:38 s2sout55b25f299b80 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 10:42:38 s2sout55b25f299b80 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 10:48:34 s2sout55b25f5e7ae0 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 10:48:34 s2sout55b25f5e7ae0 info Outgoing s2s stream conference.nuegia.net->dismail.de closed: policy-violation (XML stanza is too big)
» May 13 11:02:33 s2sout55b26bc55000 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:02:33 s2sout55b26bc55000 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 11:02:57 s2sout55b25f3e0340 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:02:57 s2sout55b25f3e0340 info Outgoing s2s stream conference.nuegia.net->creep.im closed: policy-violation (XML stanza is too big)
» May 13 11:18:56 s2sout55b264342cf0 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:18:56 s2sout55b264342cf0 info Outgoing s2s stream conference.nuegia.net->dismail.de closed: policy-violation (XML stanza is too big)
» May 13 11:22:17 s2sout55b2643ede80 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:22:17 s2sout55b2643ede80 info Outgoing s2s stream conference.nuegia.net->onionmessenger.com closed: policy-violation (XML stanza is too big)
» May 13 11:22:32 s2sout55b2640147b0 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:22:32 s2sout55b2640147b0 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 11:34:18 s2sout55b26366e740 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:34:18 s2sout55b26366e740 info Outgoing s2s stream conference.nuegia.net->dismail.de closed: policy-violation (XML stanza is too big)
» May 13 11:42:48 s2sout55b2630c1650 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:42:48 s2sout55b2630c1650 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 11:43:31 s2sout55b263257a20 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:43:31 s2sout55b263257a20 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 11:44:57 s2sout55b25f22a870 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:44:57 s2sout55b25f22a870 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 11:46:04 s2sout55b25f33a650 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:46:04 s2sout55b25f33a650 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 11:49:57 s2sout55b262b23bf0 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:49:57 s2sout55b262b23bf0 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 11:50:46 s2sout55b25f9c67c0 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:50:46 s2sout55b25f9c67c0 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 11:52:48 s2sout55b2643e6b90 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:52:48 s2sout55b2643e6b90 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 11:56:12 s2sout55b25f52f640 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 11:56:12 s2sout55b25f52f640 info Outgoing s2s stream conference.nuegia.net->dismail.de closed: policy-violation (XML stanza is too big)
» May 13 12:00:41 s2sout55b26458f4b0 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 12:00:41 s2sout55b26458f4b0 info Outgoing s2s stream conference.nuegia.net->chat.sum7.eu closed: policy-violation (XML stanza is too big)
» May 13 12:00:49 s2sout55b264d2ccc0 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 12:00:49 s2sout55b264d2ccc0 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 12:03:31 s2sout55b2630b3a70 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 12:03:31 s2sout55b2630b3a70 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 12:04:47 s2sout55b25f58ddd0 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 12:04:47 s2sout55b25f58ddd0 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
» May 13 12:16:06 s2sout55b265614a80 info Session closed by remote with error: policy-violation (XML stanza is too big)
» May 13 12:16:06 s2sout55b265614a80 info Outgoing s2s stream nuegia.net->conference.trashserver.net closed: policy-violation (XML stanza is too big)
-
tom
This is what I'm afraid of if everyone just adopts these defaults all at once
-
tom
This issue getting much worse
-
moparisthebest
> And the proxy65 one just means public users can use some of your bandwidth
tom: and access all your private services, including those you thought were only on localhost :)
-
tom
Why aren't you already running a firewall?
-
moparisthebest
and there's nothing wrong with that, you immediately open it back up and only the giant stanzas are lost
-
moparisthebest
you firewall localhost ?
-
rob
> tom: and access all your private services, including those you thought were only on localhost :)
Wait what? 😳🤓
-
tom
And btw, is it the case that prosody's implementation of proxy65 allows relaying to local loopback and private addresses?
-
tom
If so that's a much bigger problem that needs to be addressed
-
tom
Not even coturn allows that
-
moparisthebest
maybe, that's what I think when I read "unrestricted access"
-
tom
No moparisthebest, that's not what that means. That's something very different
-
tom
Holy crap no
-
tom
There should be more than just an authentication token preventing loopback address relaying
-
moparisthebest
then they are just using your server to download kiddie porn? I doubt that's better
-
tom
moparisthebest: you're talking to someone who runs openwireless.org and tor nodes
-
tom
That's a poor argument
-
moparisthebest
I'll be sure to use your server to DOS all the other prosody installations that refuse to set proper stanza sizes then :D
-
moparisthebest
(that was a joke I won't really do this)
-
tom
This fix is like cutting someone's foot off to prevent them from getting an infected toenail
-
tom
See the above logpaste for the problems it's been causing
-
Holger
tom: What's the proper fix?
-
moparisthebest
^ this, please provide the proper fix then
-
tom
I don't know yet, possibly a larger stanza size limit than what's been set already, perhaps something more
-
Holger
I think it's just one of the cases where you need to apply limits to minimize the risk of resource exhaustion. The world of Internet services is full of such limits which have to exist short of better solutions.
-
Holger
tom: And if you're all about federation interop, it's weird to pretend this to be a Prosody-specific problem. Different servers running different limits is the interop issue when it comes to stuff such as avatars.
-
Licaon_Kter
tom: > This is what I'm afraid of if everyone just adopts these defaults all at once
> This issue getting much worse
What are they rejecting exactly?
-
Holger
The real problem is, there's no way the publishing client could know the s2s limits of all (future) potential remote servers.
-
Holger
So discussing how to handle this problem seems way more interesting to me than raging all about the actual default limit of a single implementation.
-
moparisthebest
and if you are concerned about interop, the 2 main implementations agreeing on defaults is obviously a good thing
-
moparisthebest
but sure, the best thing about XMPP is if you come up with a solution, it can be implemented :D
-
Holger
And if for some reason you are aware of a saner default, because you know more than we, then this would probably be good to suggest to all implementations.
-
tom
I'm not sure, it's not like it tells you which stanza was rejected from the perspective of an operator
-
tom
I have some educated guesses
-
moparisthebest
prosody can if you crank up the verbosity of the log to 11
-
tom
But it's not like we have a histogram of all stanza sizes vs time egressing our servers
-
moparisthebest
you could write that module too to give you that, would be helpful, maybe it already exists ? iirc jonas’ was working on some stats module
-
tom
That is true, however these failures are transient and unpredictable in nature
-
tom
I'd have to enable debug right when it happens
-
Holger
Right. Educated guesses that discuss both sides of the trade-off (in different ways than "c'mon it's just a DoS who cares") sound good to me.
-
tom
It's not "who cares" it's not treating dos like rce
-
Holger
Note I've been the guy arguing for larger default limits for ejabberd. But it's less obvious to me that everyone concerned about DoS would be plain insane.
-
tom
Brb for a while please
-
moparisthebest
openssl recently had a similar release by the way, and everyone rushed to update, the only impact was a remote attacker could crash your server on demand, same thing here
-
tom
» <Holger> And if for some reason you are aware of a saner default, because you know more than we, then this would probably be good to suggest to all implementations.
17MB
-
moparisthebest
tom, ok but, prosody with the previous 10MB limit could be made to eat 5gb of ram in seconds by a single connection, so... what's your proposal to solve that
-
moparisthebest
also check other servers with that limit and see what happens
-
tom
Even with the more aggressive garbage collection?
-
moparisthebest
yes, and the more aggressive garbage collection causes unconstrained CPU usage without the bandwidth rate limiting you see
-
tom
Where exactly is the memory leak happening? In the connection buffer or the parser itself?
-
moparisthebest
¯\_(ツ)_/¯ lua things....
-
tom
Well if only 10MB of data can be made to cause 5GB resident usage in only a matter of seconds by a single connection, something is very wrong
-
tom
I'm sure there's a better solution out there
-
tom
moparisthebest: there are no special noteworthy conditions you're leaving out, like compression left on or something?
-
moparisthebest
this is going to come off sarcastically even though I don't mean it to be
-
moparisthebest
if you can come up with a better solution, great, please do so
-
moparisthebest
nope, no compression, though it'd probably make it worse
-
tom
Ok so it's not a zip bomb
-
tom
So
-
tom
This is probably site specific
-
moparisthebest
"stanza size limits" is really all you need to know, I'll release my POC next thursday assuming most distros have updated, but it's really just a few lines of trivial code
-
tom
But in general, and if we are talking about defaults here, cputime is much cheaper than ram
-
tom
I really wish the collateral damage of these mitigations would be taken more seriously than the dos vulnerability alone
-
moparisthebest
again if you are concerned about interop, having all major implementations agree on limits is a major win
-
moparisthebest
all the problems you see will start to drop off
-
tom
10mb is too small and I've had this issue with that limit before this vuln was a concern
-
tom
Emailing other operators
-
moparisthebest
again, please do come up with a better solution, then maybe increasing them would be an option
-
moparisthebest
I still don't see the point, giant avatars aren't suitable for xml, please come up with a *different* solution for those if you want them, one that has caching and such
-
tom
There's a prosody module for that
-
tom
Caching muc vcards and avatars serverside
-
moparisthebest
one that doesn't involve cramming a bunch of binary in XML *and* has caching
-
moparisthebest
probably involving HTTPS but that's left as an exercise for the developer of the XEP